Jump to content


Photo

Access A Different Session's $_Session Variables


  • Please log in to reply
1 reply to this topic

#1 sylvest

sylvest

    Family Friend

  • Members
  • PipPip
  • 99 posts

Posted 02 March 2017 - 04:54 AM

Does anyone know how to access the session variables of a different session, in PHP?. The reason I need to do this is that I am accessing most pages on my website via a domain name, such as http://www.mydomain.com/login.php. However, the form on the login.php page where the username and password are entered uses https://hostname.tch...ame/do_loginphp as its Action page because I must use SSL for this to ensure that my usernames and passwords are not sent over the net in open text. This means that do_login.php is running in a different session from login.php, so I can't use the $_SESSION array to pass values from one to the other. If I pass the PHPSESSIONID of the original unencrypted session to the do_login.php page via a GET or POST variable, what I am trying to find out is, how would I then read and write values from/to the original $SESSION array?

 

Thank you - Rowan



#2 sylvest

sylvest

    Family Friend

  • Members
  • PipPip
  • 99 posts

Posted 02 March 2017 - 01:57 PM

Whatr I'm trying is:

  1. in the login page http://www.mydomain.com/login.php.
    1. Do session_start().
    2. Write some values into $_SESSION.
    3. add to the login form a hidden control with name='sessionid' and value='<?=session(id)?>
  2. In the form handler (https://hostname.tch...e/do_login.php)
    1. Do session_start().
    2. Read the value of session_id(), which is 4579fnvb049q7u5h8dmveqdm92
    3. Check the value of $_SESSION which is an empty array.
    4. Check the value of $_POST['sessionid'] which is thp24j106dp9ffdif406l37vg3
    5. Now do:

// This should restore the old session.

$fname = session_save_path() . "/sess_" . $_POST['sessionid'];
session_decode(file_get_contents($fname)))

// This should set some new session variables
$_SESSION['uehdj'] = 'iwenfio';
$_SESSION['oqyhekj'] = 'owhusnxdi';

 

Check the value of $_SESSION, which is
$_SESSION =
Array
(
    [uehdj] => iwenfio
    [oqyhekj] => owhusnxdi
)

 

I.e. the old session variables have not been recovered.

 

6.     Now do:

 

// Ths is supposed to write the session data back to the old session file.

$session_string = session_encode();
$bytes = file_put_contents($session_string);

 

// This is supposed to return to a http://www.mydomain.com/ page

header('Location: http://www.nydomain,.../welcome.php');

exit();

 

7. Use $_SESSION, which is supposed to contain any values that it had at the beginning of this who process, plus the two I added in do_login.php


My main question is: Why are there no sess_ files in the directory /home/myaccount/tmp that match either 4579fnvb049q7u5h8dmveqdm92 or thp24j106dp9ffdif406l37vg3. The only file there is sess_ea6d51dbplto9ukucbk9fvkep86kt5f7 which doesn't mathch any session I know about.


I hope someone understands how all this stuff works and can explain to me how to get it working.

 

Thanks - Rowan




 






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users